Since 2009 the federal government started the process of replacing local computers with cloud platforms. A recent report from the Congressional Research Service (CRS) provides an interesting view into the progress of these investments. It reveals the benefits that public agencies gain when using cloud services and the barriers they face when making the transition.

Advantages of Cloud Computing

Cloud computers are superior to locally-run data centers for a variety of reasons. The CRS report identifies six specific cloud benefits:

Cost- Cloud computer platforms use resources more efficiently than local servers. An organization that uses local Information Technology (IT) must invest in the infrastructure to support computer systems at times of peak demand. However, most times companies or government agencies require only a fraction of that computing power. Cloud computing allows organizations to pay for all of the resources they need and avoid costly investments in rarely used local IT systems.

Energy Efficiency- Cloud computing data centers benefit from economies of scale to run more efficiently than local servers. In some cases this can result in huge energy savings. For a large cloud computing center it also makes economic sense to invest in green energy sources like wind or solar for power.

Availability- Cloud computing systems make it easy for any device with an Internet connection to access files or software. However, if a facility temporarily loses Internet access the files on cloud system are inaccessible. Alternatively, a locally administered IT system could function without Internet connectivity.

Agility- Cloud systems can make it easier to upgrade operating systems and applications. The available computing power also means that memory intensive software packages are cost effective.

Security- Cloud providing companies also have the financial resources to purchase the tools necessary to ensure that networks remain safe.

Reliability- Cloud systems can save data onto multiple servers. If a single server goes down due to a cyberattack or another issue, the data is available on another server.

Government Investments in the Cloud

Determining the exact size of government cloud computing expenditures is difficult. Government spending on IT has increased every year from 2001 to 2013 when it reached a peak of $81 billion. In the three subsequent years it has decreased. Cloud computing expenditures likely represent a tiny fraction of that total. Market research firms have estimated that the federal government spends between $1.4 billion and $7 billion on cloud computers annually.

Trends in Total Federal Investment in Information Technology

Challenges for Migrating to the Cloud

The federal government has encountered several barriers in its plan to shift more functions to cloud platforms:

High Federal Security Requirements- The government faces new advanced persistent threats routinely. System-wide security updates are necessary more often than for private sector organizations. The short update cycle provides a unique challenge to cloud providers.

Adopting New Technologies- Government agencies have ingrained cultures that are slow to change. This shift from locally-based servers to the cloud can be slow and tedious for this reason.

Ancillary Technologies- Cloud technologies are known for their flexibility. However, government agencies may lack the necessary IT infrastructure or speedy Internet connections that leverage the maximum potential of the cloud.

Technical Know How- Cloud platforms require specialized knowledge to administer. Many government agencies lack the necessary experts to oversee a migration to the cloud.

IT Expenditure- Migration to the cloud can involve expensive initial costs. Additional funding is necessary to facilitate the shift to the cloud.

The Future of the Government Cloud

An analysis of the costs and benefits of cloud migration uncover a few specific barriers that the federal government must overcome to earn the full value from new technologies. First, lawmakers must be willing to spend more now to save money later. Cloud systems are cheaper to run than local administered servers but the initial transition costs are high. Current funding levels, which are trending down, are too low to finance such a change. Privacy and security are also major challenges. Government servers host troves of data that Americans expect to remain private. Converting these systems to the cloud will require the government’s full confidence that cloud systems are at least as secure. New legislation is likely necessary to achieve the complimentary goals of privacy and security.

Authors

]]>
Mon, 09 Feb 2015 07:30:00 -0500Joshua Bleiberg and Darrell M. West
Since 2009 the federal government started the process of replacing local computers with cloud platforms. A recent report from the Congressional Research Service (CRS) provides an interesting view into the progress of these investments. It reveals the benefits that public agencies gain when using cloud services and the barriers they face when making the transition.
Advantages of Cloud Computing
Cloud computers are superior to locally-run data centers for a variety of reasons. The CRS report identifies six specific cloud benefits:
- Cost- Cloud computer platforms use resources more efficiently than local servers. An organization that uses local Information Technology (IT) must invest in the infrastructure to support computer systems at times of peak demand. However, most times companies or government agencies require only a fraction of that computing power. Cloud computing allows organizations to pay for all of the resources they need and avoid costly investments in rarely used local IT systems. - Energy Efficiency- Cloud computing data centers benefit from economies of scale to run more efficiently than local servers. In some cases this can result in huge energy savings. For a large cloud computing center it also makes economic sense to invest in green energy sources like wind or solar for power. - Availability- Cloud computing systems make it easy for any device with an Internet connection to access files or software. However, if a facility temporarily loses Internet access the files on cloud system are inaccessible. Alternatively, a locally administered IT system could function without Internet connectivity. - Agility- Cloud systems can make it easier to upgrade operating systems and applications. The available computing power also means that memory intensive software packages are cost effective. - Security- Cloud providing companies also have the financial resources to purchase the tools necessary to ensure that networks remain safe. - Reliability- Cloud systems can save data onto multiple servers. If a single server goes down due to a cyberattack or another issue, the data is available on another server.
Government Investments in the Cloud
Determining the exact size of government cloud computing expenditures is difficult. Government spending on IT has increased every year from 2001 to 2013 when it reached a peak of $81 billion. In the three subsequent years it has decreased. Cloud computing expenditures likely represent a tiny fraction of that total. Market research firms have estimated that the federal government spends between $1.4 billion and $7 billion on cloud computers annually.
Trends in Total Federal Investment in Information Technology
Source: Congressional Research Service
Challenges for Migrating to the Cloud
The federal government has encountered several barriers in its plan to shift more functions to cloud platforms:
- High Federal Security Requirements- The government faces new advanced persistent threats routinely. System-wide security updates are necessary more often than for private sector organizations. The short update cycle provides a unique challenge to cloud providers. - Adopting New Technologies- Government agencies have ingrained cultures that are slow to change. This shift from locally-based servers to the cloud can be slow and tedious for this reason. - Ancillary Technologies- Cloud technologies are known for their flexibility. However, government agencies may lack the necessary IT infrastructure or speedy Internet connections that leverage the maximum potential of the cloud. - Technical Know How- Cloud platforms require specialized knowledge to administer. Many government agencies lack the necessary experts to oversee a migration to the cloud. - IT Expenditure- Migration to the cloud can involve expensive initial costs. Additional funding is necessary to facilitate the shift to the cloud.
The Future of the Government Cloud
An analysis of the costs and benefits of cloud ...
Since 2009 the federal government started the process of replacing local computers with cloud platforms. A recent report from the Congressional Research Service (CRS) provides an interesting view into the progress of these investments.

Since 2009 the federal government started the process of replacing local computers with cloud platforms. A recent report from the Congressional Research Service (CRS) provides an interesting view into the progress of these investments. It reveals the benefits that public agencies gain when using cloud services and the barriers they face when making the transition.

Advantages of Cloud Computing

Cloud computers are superior to locally-run data centers for a variety of reasons. The CRS report identifies six specific cloud benefits:

Cost- Cloud computer platforms use resources more efficiently than local servers. An organization that uses local Information Technology (IT) must invest in the infrastructure to support computer systems at times of peak demand. However, most times companies or government agencies require only a fraction of that computing power. Cloud computing allows organizations to pay for all of the resources they need and avoid costly investments in rarely used local IT systems.

Energy Efficiency- Cloud computing data centers benefit from economies of scale to run more efficiently than local servers. In some cases this can result in huge energy savings. For a large cloud computing center it also makes economic sense to invest in green energy sources like wind or solar for power.

Availability- Cloud computing systems make it easy for any device with an Internet connection to access files or software. However, if a facility temporarily loses Internet access the files on cloud system are inaccessible. Alternatively, a locally administered IT system could function without Internet connectivity.

Agility- Cloud systems can make it easier to upgrade operating systems and applications. The available computing power also means that memory intensive software packages are cost effective.

Security- Cloud providing companies also have the financial resources to purchase the tools necessary to ensure that networks remain safe.

Reliability- Cloud systems can save data onto multiple servers. If a single server goes down due to a cyberattack or another issue, the data is available on another server.

Government Investments in the Cloud

Determining the exact size of government cloud computing expenditures is difficult. Government spending on IT has increased every year from 2001 to 2013 when it reached a peak of $81 billion. In the three subsequent years it has decreased. Cloud computing expenditures likely represent a tiny fraction of that total. Market research firms have estimated that the federal government spends between $1.4 billion and $7 billion on cloud computers annually.

Trends in Total Federal Investment in Information Technology

Challenges for Migrating to the Cloud

The federal government has encountered several barriers in its plan to shift more functions to cloud platforms:

High Federal Security Requirements- The government faces new advanced persistent threats routinely. System-wide security updates are necessary more often than for private sector organizations. The short update cycle provides a unique challenge to cloud providers.

Adopting New Technologies- Government agencies have ingrained cultures that are slow to change. This shift from locally-based servers to the cloud can be slow and tedious for this reason.

Ancillary Technologies- Cloud technologies are known for their flexibility. However, government agencies may lack the necessary IT infrastructure or speedy Internet connections that leverage the maximum potential of the cloud.

Technical Know How- Cloud platforms require specialized knowledge to administer. Many government agencies lack the necessary experts to oversee a migration to the cloud.

IT Expenditure- Migration to the cloud can involve expensive initial costs. Additional funding is necessary to facilitate the shift to the cloud.

The Future of the Government Cloud

An analysis of the costs and benefits of cloud migration uncover a few specific barriers that the federal government must overcome to earn the full value from new technologies. First, lawmakers must be willing to spend more now to save money later. Cloud systems are cheaper to run than local administered servers but the initial transition costs are high. Current funding levels, which are trending down, are too low to finance such a change. Privacy and security are also major challenges. Government servers host troves of data that Americans expect to remain private. Converting these systems to the cloud will require the government’s full confidence that cloud systems are at least as secure. New legislation is likely necessary to achieve the complimentary goals of privacy and security.

Authors

]]>
http://www.brookings.edu/blogs/techtank/posts/2015/01/20-public-sector-cloud-computers?rssid=cloud+computing{74C665F0-16C2-4152-B157-8FA5E6CD1357}http://webfeeds.brookings.edu/~/83730496/0/brookingsrss/topics/cloudcomputing~Getting-IT-Right-How-State-Governments-are-Approaching-Cloud-ComputingGetting IT Right? How State Governments are Approaching Cloud Computing

Cloud computing is becoming omnipresent in the private sector as companies latch on to this innovation as a way to manage scalability, improve flexibility, and reduce cost. Analysts at IDC predict that, over the next six years, nearly 90 percent of new spending on Internet and communications technology will be on cloud-based platforms. Apple, Google, Amazon, Microsoft, and hundreds of smaller companies are positioning themselves to dominate the estimated $5 trillion worldwide market. While few companies will provide numbers, it is estimated that Amazon and Google may run as many as 10 million servers while Microsoft runs close to one million. In short, it is an innovation that makes a mockery out of Moore’s law.

But, like all innovations, cloud computing has potential pitfalls. Public sector organizations in particular have had difficulty taking advantage of new technologies. The Heritage Foundation keeps a list over 50 examples of government ineptitude including $34 billion in fraudulent Homeland Security contracts, National Institutes of Health renting a lab that it neither needs nor can use for $1.3 million per month, and the Department of Agriculture wasting $2.5 billion in stimulus money on broadband internet. Technological ineptitude received special attention with the failed launch of the Healthcare.gov, the release of classified data from Edward Snowden, and the costly FBI virtual case file debacle.

Cloud computing is far more than just a simple technology change and requires a close examination of governance, sourcing, and security. We sought to understand how well state government is prepared to address the challenges of cloud computing.

The Approach

We have gathered and started to do a content analysis of the IT strategic plans for each state. For each plan, we performed a content analysis, which is looking for certain phrases or text within the IT strategic plan in order to have a structured way to understand the data. Details for our approach can be seen in our previous blog post.

How States Are Implementing the Cloud

We were not surprised to see a number of states preparing to study or embark on cloud computing.

While some states don’t mention it (e.g. Alabama), most states are eagerly exploring it. For example, North Dakota’s plan talks about cloud computing as an integral part of the future and seven of its thirteen major IT initiatives are centered on preparation for transitioning to the cloud “where and when it makes sense”.

Vermont puts itself squarely in the studying period. The plan describes that, “While the risks of enterprise-wide and cloud-based IT must be carefully managed, trends continue to just larger-scale operations.” Wisconsin also clearly lays out its view on cloud computing, writing that, “Flexibility and responsiveness (also) guide Wisconsin’s approach toward adoption of cloud services” and suggests that its version of a private cloud “…offers advanced security and service availability tailored for business needs.” West Virginia provides an equally balanced approach by requiring that only services with an acceptably low risk and cost-effective footprint will be moved to the cloud.

In short, all of the states that are considering cloud computing are taking a thoughtful and balanced approach.

The Good

One of the most critical aspects of cloud computing is security and, without question, states understand the importance of good security. A good example of this is Colorado who designates security as one of its four “wildly important goals” and sets the target of “10 percent reduction in information security risk for Colorado agencies by close of FY15”.

South Carolina echoed the same theme by asserting that security and confidentiality are “overriding priorities at every stage of development and deployment.” Connecticut’s plans explain the need to “continuously improve the security and safeguards over agency data and information technology assets”.

The Bad

Despite the interest in cloud computing, we were only able to find a single state (Georgia) that explicitly links governance to security and, to us, by extension to cloud computing. In Georgia’s plan, they start with the idea that “strong security programs start with strong governance” and then explicitly describe necessary changes in governance to improve security.

We were, however, impressed with the seriousness that New York, North Carolina and Massachusetts took governance but it was difficult to find many other states that did.

The Ugly

Unfortunately the results on sourcing were dismal. While a few states (e.g. Kansas, Ohio, and Massachusetts) specifically discuss partnerships, most states seemed to ignore the sourcing aspect of cloud computing. The most ominous note comes from Alabama where they make a statement that innovation in the state is being stifled by a lack of strong personnel.

While we have great enthusiasm for government to address cloud computing, some of the non-technical issues are lagging in the discussion. Good government requires that these items be addressed in order to realize the promise of cloud computing.

Authors

]]>
Tue, 20 Jan 2015 07:30:00 -0500Kevin C. Desouza and Gregory Dawson
Cloud computing is becoming omnipresent in the private sector as companies latch on to this innovation as a way to manage scalability, improve flexibility, and reduce cost. Analysts at IDC predict that, over the next six years, nearly 90 percent of new spending on Internet and communications technology will be on cloud-based platforms. Apple, Google, Amazon, Microsoft, and hundreds of smaller companies are positioning themselves to dominate the estimated $5 trillion worldwide market. While few companies will provide numbers, it is estimated that Amazon and Google may run as many as 10 million servers while Microsoft runs close to one million. In short, it is an innovation that makes a mockery out of Moore's law.
But, like all innovations, cloud computing has potential pitfalls. Public sector organizations in particular have had difficulty taking advantage of new technologies. The Heritage Foundation keeps a list over 50 examples of government ineptitude including $34 billion in fraudulent Homeland Security contracts, National Institutes of Health renting a lab that it neither needs nor can use for $1.3 million per month, and the Department of Agriculture wasting $2.5 billion in stimulus money on broadband internet. Technological ineptitude received special attention with the failed launch of the Healthcare.gov, the release of classified data from Edward Snowden, and the costly FBI virtual case file debacle.
Cloud computing is far more than just a simple technology change and requires a close examination of governance, sourcing, and security. We sought to understand how well state government is prepared to address the challenges of cloud computing.
The Approach
We have gathered and started to do a content analysis of the IT strategic plans for each state. For each plan, we performed a content analysis, which is looking for certain phrases or text within the IT strategic plan in order to have a structured way to understand the data. Details for our approach can be seen in our previous blog post.
How States Are Implementing the Cloud
We were not surprised to see a number of states preparing to study or embark on cloud computing.
While some states don't mention it (e.g. Alabama), most states are eagerly exploring it. For example, North Dakota's plan talks about cloud computing as an integral part of the future and seven of its thirteen major IT initiatives are centered on preparation for transitioning to the cloud “where and when it makes sense”.
Vermont puts itself squarely in the studying period. The plan describes that, “While the risks of enterprise-wide and cloud-based IT must be carefully managed, trends continue to just larger-scale operations.” Wisconsin also clearly lays out its view on cloud computing, writing that, “Flexibility and responsiveness (also) guide Wisconsin's approach toward adoption of cloud services” and suggests that its version of a private cloud “…offers advanced security and service availability tailored for business needs.” West Virginia provides an equally balanced approach by requiring that only services with an acceptably low risk and cost-effective footprint will be moved to the cloud.
In short, all of the states that are considering cloud computing are taking a thoughtful and balanced approach.
The Good
One of the most critical aspects of cloud computing is security and, without question, states understand the importance of good security. A good example of this is Colorado who designates security as one of its four “wildly important goals” and sets the target of “10 percent reduction in information security risk for Colorado agencies by close of FY15”.
South Carolina echoed the same theme by asserting that security and confidentiality are “overriding priorities at every stage of development and deployment.” Connecticut's plans explain the need to “continuously improve the ...
Cloud computing is becoming omnipresent in the private sector as companies latch on to this innovation as a way to manage scalability, improve flexibility, and reduce cost. Analysts at IDC predict that, over the next six years, nearly 90 percent ...

Cloud computing is becoming omnipresent in the private sector as companies latch on to this innovation as a way to manage scalability, improve flexibility, and reduce cost. Analysts at IDC predict that, over the next six years, nearly 90 percent of new spending on Internet and communications technology will be on cloud-based platforms. Apple, Google, Amazon, Microsoft, and hundreds of smaller companies are positioning themselves to dominate the estimated $5 trillion worldwide market. While few companies will provide numbers, it is estimated that Amazon and Google may run as many as 10 million servers while Microsoft runs close to one million. In short, it is an innovation that makes a mockery out of Moore’s law.

But, like all innovations, cloud computing has potential pitfalls. Public sector organizations in particular have had difficulty taking advantage of new technologies. The Heritage Foundation keeps a list over 50 examples of government ineptitude including $34 billion in fraudulent Homeland Security contracts, National Institutes of Health renting a lab that it neither needs nor can use for $1.3 million per month, and the Department of Agriculture wasting $2.5 billion in stimulus money on broadband internet. Technological ineptitude received special attention with the failed launch of the Healthcare.gov, the release of classified data from Edward Snowden, and the costly FBI virtual case file debacle.

Cloud computing is far more than just a simple technology change and requires a close examination of governance, sourcing, and security. We sought to understand how well state government is prepared to address the challenges of cloud computing.

The Approach

We have gathered and started to do a content analysis of the IT strategic plans for each state. For each plan, we performed a content analysis, which is looking for certain phrases or text within the IT strategic plan in order to have a structured way to understand the data. Details for our approach can be seen in our previous blog post.

How States Are Implementing the Cloud

We were not surprised to see a number of states preparing to study or embark on cloud computing.

While some states don’t mention it (e.g. Alabama), most states are eagerly exploring it. For example, North Dakota’s plan talks about cloud computing as an integral part of the future and seven of its thirteen major IT initiatives are centered on preparation for transitioning to the cloud “where and when it makes sense”.

Vermont puts itself squarely in the studying period. The plan describes that, “While the risks of enterprise-wide and cloud-based IT must be carefully managed, trends continue to just larger-scale operations.” Wisconsin also clearly lays out its view on cloud computing, writing that, “Flexibility and responsiveness (also) guide Wisconsin’s approach toward adoption of cloud services” and suggests that its version of a private cloud “…offers advanced security and service availability tailored for business needs.” West Virginia provides an equally balanced approach by requiring that only services with an acceptably low risk and cost-effective footprint will be moved to the cloud.

In short, all of the states that are considering cloud computing are taking a thoughtful and balanced approach.

The Good

One of the most critical aspects of cloud computing is security and, without question, states understand the importance of good security. A good example of this is Colorado who designates security as one of its four “wildly important goals” and sets the target of “10 percent reduction in information security risk for Colorado agencies by close of FY15”.

South Carolina echoed the same theme by asserting that security and confidentiality are “overriding priorities at every stage of development and deployment.” Connecticut’s plans explain the need to “continuously improve the security and safeguards over agency data and information technology assets”.

The Bad

Despite the interest in cloud computing, we were only able to find a single state (Georgia) that explicitly links governance to security and, to us, by extension to cloud computing. In Georgia’s plan, they start with the idea that “strong security programs start with strong governance” and then explicitly describe necessary changes in governance to improve security.

We were, however, impressed with the seriousness that New York, North Carolina and Massachusetts took governance but it was difficult to find many other states that did.

The Ugly

Unfortunately the results on sourcing were dismal. While a few states (e.g. Kansas, Ohio, and Massachusetts) specifically discuss partnerships, most states seemed to ignore the sourcing aspect of cloud computing. The most ominous note comes from Alabama where they make a statement that innovation in the state is being stifled by a lack of strong personnel.

While we have great enthusiasm for government to address cloud computing, some of the non-technical issues are lagging in the discussion. Good government requires that these items be addressed in order to realize the promise of cloud computing.

Authors

]]>
http://www.brookings.edu/blogs/techtank/posts/2014/07/17-cloud-computing-regulation-ttip?rssid=cloud+computing{8FE5639F-6E16-4220-B321-A6DBBCA7C3E5}http://webfeeds.brookings.edu/~/69358208/0/brookingsrss/topics/cloudcomputing~Threats-to-the-Future-of-Cloud-Computing-Surveillance-and-Transatlantic-TradeThreats to the Future of Cloud Computing: Surveillance and Transatlantic Trade

The first instance of “cloud” computing came in 2006, when Amazon released its Elastic Compute Cloud, a service for consumers to lease space on virtual machines to run software. Now, the cloud enables the transfer and storage of data around the world, in an almost seamless fashion. Using cloud services are a seamless experience from the consumer perspective. This ease of use obscures significant regulation from governments on both sides of the Atlantic. The Safe Harbor Principles is a framework that ensures that personal consumer data being transferred from the EU to the US is still subject to a level of security in compliance with the EU’sstricter regulation on data protection. US companies must be certified within this framework, in order to transfer consumer data outside the EU.

A comprehensive data privacy arrangement that satisfies both sides of the Atlantic is necessary to preserve the free flow of data, and the resulting commerce, between the two regions. Speaking at the 2014 Cloud Computing Policy Conference, Cameron F. Kerry suggested that neither side of the Atlantic can afford to partition the Internet. Currently trade negotiators are assessing the viability including an update to Safe Harbor Principles as a part of the Transatlantic Trade and Investment Partnership (TTIP).

TTIP and the Future of Trade

The NSA revelations last year have only increased support for further regulation over the transfer of personal data in the cloud, especially in the European Union (EU). The revelations have also brought to light significant differences in the European and US conceptions of privacy. The ruling by the European Court of Justice on the “right to be forgotten” is a recent example of this transatlantic divide. In EU countries, citizens can now request Google to take down links from search results that lead users to potentially damaging information.

There are several disputes that negotiators must first resolve. Europeans would prefer that American regulators take a more active role in cases where US firms are violating the Safe Harbor principles. EU officials have also indicated they would like to include a mechanism to send an alert if data were improperly shared with US law enforcement officials. The expansion of the codes of conduct within the cloud would serve as a major step towards finalizing TTIP. A European Commission Analysis finds that TTIP would inject about $130 billion into the US economy. Ultimately both the EU and the US have so much to gain that both nations must find a way to resolve these thorny issues.

The first instance of “cloud” computing came in 2006, when Amazon released its Elastic Compute Cloud, a service for consumers to lease space on virtual machines to run software. Now, the cloud enables the transfer and storage of data around the world, in an almost seamless fashion. Using cloud services are a seamless experience from the consumer perspective. This ease of use obscures significant regulation from governments on both sides of the Atlantic. The Safe Harbor Principles is a framework that ensures that personal consumer data being transferred from the EU to the US is still subject to a level of security in compliance with the EU’sstricter regulation on data protection. US companies must be certified within this framework, in order to transfer consumer data outside the EU.

A comprehensive data privacy arrangement that satisfies both sides of the Atlantic is necessary to preserve the free flow of data, and the resulting commerce, between the two regions. Speaking at the 2014 Cloud Computing Policy Conference, Cameron F. Kerry suggested that neither side of the Atlantic can afford to partition the Internet. Currently trade negotiators are assessing the viability including an update to Safe Harbor Principles as a part of the Transatlantic Trade and Investment Partnership (TTIP).

TTIP and the Future of Trade

The NSA revelations last year have only increased support for further regulation over the transfer of personal data in the cloud, especially in the European Union (EU). The revelations have also brought to light significant differences in the European and US conceptions of privacy. The ruling by the European Court of Justice on the “right to be forgotten” is a recent example of this transatlantic divide. In EU countries, citizens can now request Google to take down links from search results that lead users to potentially damaging information.

There are several disputes that negotiators must first resolve. Europeans would prefer that American regulators take a more active role in cases where US firms are violating the Safe Harbor principles. EU officials have also indicated they would like to include a mechanism to send an alert if data were improperly shared with US law enforcement officials. The expansion of the codes of conduct within the cloud would serve as a major step towards finalizing TTIP. A European Commission Analysis finds that TTIP would inject about $130 billion into the US economy. Ultimately both the EU and the US have so much to gain that both nations must find a way to resolve these thorny issues.

As of today, the federal government will require that all cloud service providers have Federal Risk and Authorization Program (FedRAMP) approval. FedRAMP is a program meant to standardize the security of cloud services, thus reducing the time and effort that independent cloud providers would need to spend ensuring cloud security. According to a 2013 annual report by the General Services Administration, agencies that use FedRAMP could save 50 percent on staffing and $200,000 in costs overall. FedRAMP will operate under similar rules as the Federal Information Security Management Act (FISMA), which helps maintain security of federal IT systems, applications and databases. Both FISMA and FedRAMP will provide enhanced protection and scrutiny for federal and independent agencies.

As of today, the federal government will require that all cloud service providers have Federal Risk and Authorization Program (FedRAMP) approval. FedRAMP is a program meant to standardize the security of cloud services, thus reducing the time and effort that independent cloud providers would need to spend ensuring cloud security. According to a 2013 annual report by the General Services Administration, agencies that use FedRAMP could save 50 percent on staffing and $200,000 in costs overall. FedRAMP will operate under similar rules as the Federal Information Security Management Act (FISMA), which helps maintain security of federal IT systems, applications and databases. Both FISMA and FedRAMP will provide enhanced protection and scrutiny for federal and independent agencies.

The United States exports digital goods worth hundreds of billions of dollars across the Atlantic each year. And both Silicon Valley and Hollywood do big business with Europe every year. Differences in approaches to privacy have always made this relationship unsteady but the Snowden disclosures greatly complicated the prospects of a Transatlantic Trade and Investment Partnership. In this paper Cameron Kerry examines that politics of transatlantic trade and the critical role that U.S. privacy policy plays in these conversations.

Kerry relies on his experience as the U.S.’s chief international negotiator for privacy and data regulation to provide an overview of key proposals related to privacy and data in Europe. He addresses the possible development of a European Internet and the current regulatory regime known as Safe Harbor. Kerry argues that America and Europe have different approaches to protecting privacy both which have strengths and weaknesses.

To promote transatlantic trade the United states should:

Not be defensive about its protection of privacy

Provide clear information to the worldwide community about American law enforcement surveillance

Strengthen its own privacy protection

Focus on the importance of trade to the American and European economies

The United States exports digital goods worth hundreds of billions of dollars across the Atlantic each year. And both Silicon Valley and Hollywood do big business with Europe every year. Differences in approaches to privacy have always made this relationship unsteady but the Snowden disclosures greatly complicated the prospects of a Transatlantic Trade and Investment Partnership. In this paper Cameron Kerry examines that politics of transatlantic trade and the critical role that U.S. privacy policy plays in these conversations.

Kerry relies on his experience as the U.S.’s chief international negotiator for privacy and data regulation to provide an overview of key proposals related to privacy and data in Europe. He addresses the possible development of a European Internet and the current regulatory regime known as Safe Harbor. Kerry argues that America and Europe have different approaches to protecting privacy both which have strengths and weaknesses.

To promote transatlantic trade the United states should:

Not be defensive about its protection of privacy

Provide clear information to the worldwide community about American law enforcement surveillance

Strengthen its own privacy protection

Focus on the importance of trade to the American and European economies

Downloads

Authors

]]>
http://www.brookings.edu/blogs/techtank/posts/2014/05/20-ttip-snowden-data-regulation-kerry?rssid=cloud+computing{F17ED142-BCAF-4E65-9514-BB1A3910AED7}http://webfeeds.brookings.edu/~/65489081/0/brookingsrss/topics/cloudcomputing~Bridging-Transatlantic-Differences-on-Data-and-Privacy-After-SnowdenBridging Transatlantic Differences on Data and Privacy After Snowden

“Missed connections” is the personals ads category for people whose encounters are too fleeting to form any union – a lost-and-found for relationships. I gave that title to my paper on the conversation between the United States and for Europe on data, privacy, and surveillance because I thought it provides an apt metaphor for the hopes and frustrations on both sides of that conversation.

The United States and Europe are linked by common values and overlapping heritage, an enduring security alliance, and the world’s largest trading relationship. Europe has become the largest crossroad of the Internet and the transatlantic backbone is the global Internet’s highest capacity route.

[I]

But differences in approaches to the regulation of the privacy of personal information threaten to disrupt the vast flow of information between Europe and the U.S. These differences have been exacerbated by the Edward Snowden disclosures, especially stories about the PRISM program and eavesdropping on Chancellor Angela Merkel’s cell phone. The reaction has been profound enough to give momentum to calls for suspension of the “Safe Harbor” agreement that facilitates transfers of data between the U.S. Europe; and Chancellor Merkel, the European Parliament, and other EU leaders who have called for some form of European Internet that would keep data on European citizens inside EU borders. So it can seem like the U.S. and EU are gazing at each other from trains headed in opposite directions.

My paper went to press before last week’s European Court of Justice ruling that Google must block search results showing that a Spanish citizen had property attached for debt several years ago. What is most startling about the decision is this information was accurate and had been published in a Spanish newspaper by government mandate but – for these reasons – the newspaper was not obligated to remove the information from its website; nevertheless, Google could be required to remove links to that website from search results in Spain. That is quite different from the way the right to privacy has been applied in America. The decision’s discussion of search as “profiling” bears out what the paper says about European attitudes toward Google and U.S. Internet companies. So the decision heightens the differences between the U.S. and Europe.

Nonetheless, it does not have to be so desperate. In my paper, I look at the issues that have divided the United States and Europe when it comes to data and the things they have in common, the issues currently in play, and some ways the United States can help to steer the conversation in the right direction.

“Missed connections” is the personals ads category for people whose encounters are too fleeting to form any union – a lost-and-found for relationships. I gave that title to my paper on the conversation between the United States and for Europe on data, privacy, and surveillance because I thought it provides an apt metaphor for the hopes and frustrations on both sides of that conversation.

The United States and Europe are linked by common values and overlapping heritage, an enduring security alliance, and the world’s largest trading relationship. Europe has become the largest crossroad of the Internet and the transatlantic backbone is the global Internet’s highest capacity route.

[I]

But differences in approaches to the regulation of the privacy of personal information threaten to disrupt the vast flow of information between Europe and the U.S. These differences have been exacerbated by the Edward Snowden disclosures, especially stories about the PRISM program and eavesdropping on Chancellor Angela Merkel’s cell phone. The reaction has been profound enough to give momentum to calls for suspension of the “Safe Harbor” agreement that facilitates transfers of data between the U.S. Europe; and Chancellor Merkel, the European Parliament, and other EU leaders who have called for some form of European Internet that would keep data on European citizens inside EU borders. So it can seem like the U.S. and EU are gazing at each other from trains headed in opposite directions.

My paper went to press before last week’s European Court of Justice ruling that Google must block search results showing that a Spanish citizen had property attached for debt several years ago. What is most startling about the decision is this information was accurate and had been published in a Spanish newspaper by government mandate but – for these reasons – the newspaper was not obligated to remove the information from its website; nevertheless, Google could be required to remove links to that website from search results in Spain. That is quite different from the way the right to privacy has been applied in America. The decision’s discussion of search as “profiling” bears out what the paper says about European attitudes toward Google and U.S. Internet companies. So the decision heightens the differences between the U.S. and Europe.

Nonetheless, it does not have to be so desperate. In my paper, I look at the issues that have divided the United States and Europe when it comes to data and the things they have in common, the issues currently in play, and some ways the United States can help to steer the conversation in the right direction.

Event Information

In his new book The Mobile Wave: How Mobile Intelligence Will Change Everything (Vanguard Press, 2012), CEO of MicroStrategy Michael Saylor examines the transformative possibilities of mobile computing on business, society, economies and everyday life. Saylor argues that mobile technologies such as smartphones and tablet computers – “the fifth wave of computer technology” – will be indispensible tools for modern life and completely alter how we live.

On October 5, the Center for Technology Innovation at Brookings hosted a forum on mobile computing and its monumental impact on our future. Moderated by Vice President Darrell West, Michael Saylor discussed key highlights from his book and offered insights as to what sort of change we can expect from the macro level down to the most mundane of everyday humans tasks.

Audio

Transcript

Event Materials

]]>
Fri, 05 Oct 2012 10:00:00 -0400http://e94516386dde43a790f1-3efc6a395eb32e640ae30c4edef7596c.r44.cf1.rackcdn.com/1880511753001.mp3
Event Information
October 5, 2012
10:00 AM - 11:30 AM EDT
Falk Auditorium
Brookings Institution
1775 Massachusetts Avenue NW
Washington, DC 20036 Register for the Event
In his new book The Mobile Wave: How Mobile Intelligence Will Change Everything (Vanguard Press, 2012), CEO of MicroStrategy Michael Saylor examines the transformative possibilities of mobile computing on business, society, economies and everyday life. Saylor argues that mobile technologies such as smartphones and tablet computers – “the fifth wave of computer technology” – will be indispensible tools for modern life and completely alter how we live.
On October 5, the Center for Technology Innovation at Brookings hosted a forum on mobile computing and its monumental impact on our future. Moderated by Vice President Darrell West, Michael Saylor discussed key highlights from his book and offered insights as to what sort of change we can expect from the macro level down to the most mundane of everyday humans tasks.
Audio
- Riding the Mobile Wave: The Future of Mobile Computing
Transcript
- Transcript (.pdf)
Event Materials
- 20121005_mobile_wave
Event Information
October 5, 2012
10:00 AM - 11:30 AM EDT
Falk Auditorium
Brookings Institution
1775 Massachusetts Avenue NW
Washington, DC 20036 Register for the Event
In his new book The Mobile Wave: How Mobile Intelligence Will Change ...

Event Information

In his new book The Mobile Wave: How Mobile Intelligence Will Change Everything (Vanguard Press, 2012), CEO of MicroStrategy Michael Saylor examines the transformative possibilities of mobile computing on business, society, economies and everyday life. Saylor argues that mobile technologies such as smartphones and tablet computers – “the fifth wave of computer technology” – will be indispensible tools for modern life and completely alter how we live.

On October 5, the Center for Technology Innovation at Brookings hosted a forum on mobile computing and its monumental impact on our future. Moderated by Vice President Darrell West, Michael Saylor discussed key highlights from his book and offered insights as to what sort of change we can expect from the macro level down to the most mundane of everyday humans tasks.

Audio

Transcript

Event Materials

]]>
http://www.brookings.edu/blogs/up-front/posts/2011/08/09-cio-west?rssid=cloud+computing{FC4DB4D2-7CBE-4268-879C-0C6A67AC4A3F}http://webfeeds.brookings.edu/~/65489088/0/brookingsrss/topics/cloudcomputing~New-Federal-Government-CIO-is-Key-to-Improving-Government-PerformanceNew Federal Government CIO is Key to Improving Government Performance

The appointment of new federal chief information officer Steven VanRoekel comes at a challenging time for President Barack Obama. The national economy continues to be weak. Congress plans to cut trillions from the federal budget. And in the time leading up to the 2012 election, American voters remain cynical about the ability of the government to address important policy problems in an effective manner.

In an era of deficit reduction and public cynicism, the tasks facing federal officials are to determine how to do more with less and persuade voters the government can become smarter and more effective. There are going to be fewer dollars for virtually every federal program so it is important to figure how ways to innovate and perform more efficiently.

Former CIO Vivek Kundra sought to do this through encouraging agencies to move software applications to the cloud, consolidating federal data centers, improving transparency, and improving the information technology procurement process. It is important to continue this progress even as agencies are forced to downsize their operations.

As shown in the private sector, government administrators should use technology to cut costs, improve worker productivity, and streamline operations. This is not just a matter of using technology in more innovative ways, but changing the operations and culture of the public sector. Public officials must improve its data mining activities to identify fraud and abuse in Medicare, Medicaid, the Defense Department, and other domestic programs.

New software gives managers better tools to evaluate how money is being spent and whether it is fulfilling intended goals. If it is not, programs need to be modified or eliminated. The most important weapon in Mr. VanRoekel’s arsenal may be the scalpel as he goes through the federal government’s $80 billion IT budget.

The appointment of new federal chief information officer Steven VanRoekel comes at a challenging time for President Barack Obama. The national economy continues to be weak. Congress plans to cut trillions from the federal budget. And in the time leading up to the 2012 election, American voters remain cynical about the ability of the government to address important policy problems in an effective manner.

In an era of deficit reduction and public cynicism, the tasks facing federal officials are to determine how to do more with less and persuade voters the government can become smarter and more effective. There are going to be fewer dollars for virtually every federal program so it is important to figure how ways to innovate and perform more efficiently.

Former CIO Vivek Kundra sought to do this through encouraging agencies to move software applications to the cloud, consolidating federal data centers, improving transparency, and improving the information technology procurement process. It is important to continue this progress even as agencies are forced to downsize their operations.

As shown in the private sector, government administrators should use technology to cut costs, improve worker productivity, and streamline operations. This is not just a matter of using technology in more innovative ways, but changing the operations and culture of the public sector. Public officials must improve its data mining activities to identify fraud and abuse in Medicare, Medicaid, the Defense Department, and other domestic programs.

New software gives managers better tools to evaluate how money is being spent and whether it is fulfilling intended goals. If it is not, programs need to be modified or eliminated. The most important weapon in Mr. VanRoekel’s arsenal may be the scalpel as he goes through the federal government’s $80 billion IT budget.

Authors

]]>
http://www.brookings.edu/research/papers/2011/07/25-cloud-computing-villasenor?rssid=cloud+computing{68E0F9B3-1C71-46C5-B8B2-3C20E04DD594}http://webfeeds.brookings.edu/~/65489089/0/brookingsrss/topics/cloudcomputing~Addressing-Export-Control-in-the-Age-of-Cloud-ComputingAddressing Export Control in the Age of Cloud Computing

Executive Summary

The move to the cloud is one of the defining information technology trends of the early 21st century. By providing businesses, universities, government agencies, and other entities with access to shared and often physically dispersed computing resources, cloud computing can simultaneously offer increased flexibility, reduced cost, and access to a wider array of services.

Cloud computing has also created a set of new challenges. For example, the issues of privacy and security in the cloud are well recognized and have been extensively discussed in the business and popular press. However, one critical issue that has received very little attention with respect to cloud computing is export control.

In the broadest sense, export control relates to regulations that the United States and many other countries have put in place to restrict the export of various sensitive items, information, and software.

There is an inherent tension between cloud computing and export control. While the concept of the cloud is centered on the premise of removing the need to track the details of data movement among various destinations, export control regulations are built largely around restrictions tied to those very movements.

If cloud computing is to reach its full potential, it is critical for providers and users of cloud services to address its implications with respect to export control. It is equally important to adapt the export control regulations to reflect the increasing prevalence of cloud computing in a manner that preserves the ability of American companies to benefit from the efficiencies of the cloud while also ensuring that American national security and foreign policy interests are adequately protected.

The move to the cloud is one of the defining information technology trends of the early 21st century. By providing businesses, universities, government agencies, and other entities with access to shared and often physically dispersed computing resources, cloud computing can simultaneously offer increased flexibility, reduced cost, and access to a wider array of services.

Cloud computing has also created a set of new challenges. For example, the issues of privacy and security in the cloud are well recognized and have been extensively discussed in the business and popular press. However, one critical issue that has received very little attention with respect to cloud computing is export control.

In the broadest sense, export control relates to regulations that the United States and many other countries have put in place to restrict the export of various sensitive items, information, and software.

There is an inherent tension between cloud computing and export control. While the concept of the cloud is centered on the premise of removing the need to track the details of data movement among various destinations, export control regulations are built largely around restrictions tied to those very movements.

If cloud computing is to reach its full potential, it is critical for providers and users of cloud services to address its implications with respect to export control. It is equally important to adapt the export control regulations to reflect the increasing prevalence of cloud computing in a manner that preserves the ability of American companies to benefit from the efficiencies of the cloud while also ensuring that American national security and foreign policy interests are adequately protected.

Listen to the chatter from top officials, and you’d think that World War III was about to break out on the Internet. The defense secretary is warning about a digital “Pearl Harbor.” Former director of national intelligence Mike McConnell declares that the United States is “fighting a cyber war, and we’re losing.” Every new hack brings more pronouncements of network doom.

The scare talk, however, is misplaced. Yes, we’re facing enormous cybersecurity problems — just look at the high-profile penetrations of such companies as Sony and Lockheed or the millions of Americans whose personal information has been stolen online.

But these aren’t signs of some impending cataclysmic showdown as I explain in my new cybersecurity paper for The Brookings Institution. They’re markers of a rising tide of online crime that, in its own way, could be more dangerous than a cyberwar. According to the British government, online thieves, scammers and industrial spies cost U.K. businesses an estimated $43.5 billion in the past year alone. Crooks-for-hire will infect a thousand computers for $7 — that’s how simple it’s become. Sixty thousand new malicious software variants are detected every day. Forget “Pearl Harbor”; if we’re not careful, the Internet could be in danger of looking like the South Bronx circa 1989 – a place where crooks hold such sway that honest people find it hard to live or work there.

Could there be some online conflict in the future? Maybe. But crooks are draining billions from the legitimate global economy right now. Even the Pentagon’s specialists are worried, noting in their new cybersecurity strategy that “the tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate.”

Authors

]]>
Fri, 22 Jul 2011 00:00:00 -0400Noah Shachtman
Listen to the chatter from top officials, and you'd think that World War III was about to break out on the Internet. The defense secretary is warning about a digital “Pearl Harbor.” Former director of national intelligence Mike McConnell declares that the United States is “fighting a cyber war, and we're losing.” Every new hack brings more pronouncements of network doom.
The scare talk, however, is misplaced. Yes, we're facing enormous cybersecurity problems — just look at the high-profile penetrations of such companies as Sony and Lockheed or the millions of Americans whose personal information has been stolen online.
But these aren't signs of some impending cataclysmic showdown as I explain in my new cybersecurity paper for The Brookings Institution. They're markers of a rising tide of online crime that, in its own way, could be more dangerous than a cyberwar. According to the British government, online thieves, scammers and industrial spies cost U.K. businesses an estimated $43.5 billion in the past year alone. Crooks-for-hire will infect a thousand computers for $7 — that's how simple it's become. Sixty thousand new malicious software variants are detected every day. Forget “Pearl Harbor”; if we're not careful, the Internet could be in danger of looking like the South Bronx circa 1989 – a place where crooks hold such sway that honest people find it hard to live or work there.
Could there be some online conflict in the future? Maybe. But crooks are draining billions from the legitimate global economy right now. Even the Pentagon's specialists are worried, noting in their new cybersecurity strategy that “the tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate.”
Those tools also are becoming easier to use. The latest crimeware makes stealing passwords about as simple as setting up Web pages. One gang, recently arrested, used it to drain $9.5 million in just three months.
Read the full article at washingtonpost.com >>
Authors
- Noah Shachtman
Publication: The Washington PostListen to the chatter from top officials, and you'd think that World War III was about to break out on the Internet. The defense secretary is warning about a digital “Pearl Harbor.” Former director of national intelligence Mike McConnell ...

Listen to the chatter from top officials, and you’d think that World War III was about to break out on the Internet. The defense secretary is warning about a digital “Pearl Harbor.” Former director of national intelligence Mike McConnell declares that the United States is “fighting a cyber war, and we’re losing.” Every new hack brings more pronouncements of network doom.

The scare talk, however, is misplaced. Yes, we’re facing enormous cybersecurity problems — just look at the high-profile penetrations of such companies as Sony and Lockheed or the millions of Americans whose personal information has been stolen online.

But these aren’t signs of some impending cataclysmic showdown as I explain in my new cybersecurity paper for The Brookings Institution. They’re markers of a rising tide of online crime that, in its own way, could be more dangerous than a cyberwar. According to the British government, online thieves, scammers and industrial spies cost U.K. businesses an estimated $43.5 billion in the past year alone. Crooks-for-hire will infect a thousand computers for $7 — that’s how simple it’s become. Sixty thousand new malicious software variants are detected every day. Forget “Pearl Harbor”; if we’re not careful, the Internet could be in danger of looking like the South Bronx circa 1989 – a place where crooks hold such sway that honest people find it hard to live or work there.

Could there be some online conflict in the future? Maybe. But crooks are draining billions from the legitimate global economy right now. Even the Pentagon’s specialists are worried, noting in their new cybersecurity strategy that “the tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate.”

Event Information

June 16, 201112:00 PM - 1:30 PM EDT

Room SVC-209U.S. Capitol Visitor's CenterU.S. CapitolWashington, DC

While research suggests that considerable efficiencies can be gained from cloud computing technology, concerns over privacy and security continue to deter governments and private-sector firms from migrating to the cloud. Senator Amy Klobuchar (D-Minn.) has advanced discussion of the “Cloud Computing Act of 2011,” draft legislation that would address these challenges by encouraging the U.S. government to negotiate with other countries to establish consistent laws related to online security and cloud computing. The bill also creates new enforcement tools for investigating and prosecuting those who violate online privacy and security laws.

On June 16, the Brookings Institution hosted a forum on the policy proposals in the Cloud Computing Act of 2011. Discussion included an overview of the international policy implications as governments and firms adjust to a coherent legal framework, changes and innovations in public procurement, and challenges for private industry as it balances consumer needs and compliance with these proposed cloud computing safeguards.

After the program, panelists took audience questions.

Transcript

Event Materials

]]>
Thu, 16 Jun 2011 12:00:00 -0400
Event Information
June 16, 2011
12:00 PM - 1:30 PM EDT
Room SVC-209
U.S. Capitol Visitor's Center
U.S. Capitol
Washington, DC
While research suggests that considerable efficiencies can be gained from cloud computing technology, concerns over privacy and security continue to deter governments and private-sector firms from migrating to the cloud. Senator Amy Klobuchar (D-Minn.) has advanced discussion of the “Cloud Computing Act of 2011,” draft legislation that would address these challenges by encouraging the U.S. government to negotiate with other countries to establish consistent laws related to online security and cloud computing. The bill also creates new enforcement tools for investigating and prosecuting those who violate online privacy and security laws.
On June 16, the Brookings Institution hosted a forum on the policy proposals in the Cloud Computing Act of 2011. Discussion included an overview of the international policy implications as governments and firms adjust to a coherent legal framework, changes and innovations in public procurement, and challenges for private industry as it balances consumer needs and compliance with these proposed cloud computing safeguards.
After the program, panelists took audience questions.
Transcript
- Uncorrected Transcript (.pdf)
Event Materials
- 20110616_cloud_computing
Event Information
June 16, 2011
12:00 PM - 1:30 PM EDT
Room SVC-209
U.S. Capitol Visitor's Center
U.S. Capitol
Washington, DC
While research suggests that considerable efficiencies can be gained from cloud computing technology, concerns ...

Event Information

While research suggests that considerable efficiencies can be gained from cloud computing technology, concerns over privacy and security continue to deter governments and private-sector firms from migrating to the cloud. Senator Amy Klobuchar (D-Minn.) has advanced discussion of the “Cloud Computing Act of 2011,” draft legislation that would address these challenges by encouraging the U.S. government to negotiate with other countries to establish consistent laws related to online security and cloud computing. The bill also creates new enforcement tools for investigating and prosecuting those who violate online privacy and security laws.

On June 16, the Brookings Institution hosted a forum on the policy proposals in the Cloud Computing Act of 2011. Discussion included an overview of the international policy implications as governments and firms adjust to a coherent legal framework, changes and innovations in public procurement, and challenges for private industry as it balances consumer needs and compliance with these proposed cloud computing safeguards.

After the program, panelists took audience questions.

Transcript

Event Materials

]]>
http://www.brookings.edu/blogs/up-front/posts/2011/06/06-innovation-advisory-west?rssid=cloud+computing{19E23EEB-387E-45E2-BDD3-2440A44E7799}http://webfeeds.brookings.edu/~/65489094/0/brookingsrss/topics/cloudcomputing~Technology-and-the-Federal-Government-Recommendations-for-the-Innovation-Advisory-BoardTechnology and the Federal Government: Recommendations for the Innovation Advisory Board

Our former Brookings colleague Rebecca Blank, now at the Commerce Department, is today leading the first meeting of the Obama Administration’s Innovation Advisory Board, looking at the innovative capacity and economic competitiveness of the United States.

I applaud the effort. Nothing is more important to America’s longterm competitiveness than emphasizing innovation. As the council looks to the private sector and global markets, I urge it to examine how the U.S. government can lead innovation and contribute to economic growth. The best place to look is new and emerging digital technologies that can make government more accessible, accountable, responsive and efficient for the people who use government services every day.

Continue to prioritize the Obama administration’s existing efforts to put unparalleled amounts of data online at Data.gov and other federal sites, making it easier and cheaper for citizens and businesses to access the information they need.

Use social media networks to deliver information to the public and to solicit feedback to improve government performance.

Integrate ideas and operations with state and local organizations, where much of government innovation is taking place today.

Apply the methods of private-sector business planning to the public sector to produce region-specific business plans that are low cost and high impact.

These improvements in government services innovations in the digital age can help spur innovation and support a robust business climate. And, as a sorely needed side benefit, they can also serve to eliminate some of the current distrust and even contempt for government that has brought public approval of the performance of the federal government to near historic lows.

Our former Brookings colleague Rebecca Blank, now at the Commerce Department, is today leading the first meeting of the Obama Administration’s Innovation Advisory Board, looking at the innovative capacity and economic competitiveness of the United States.

I applaud the effort. Nothing is more important to America’s longterm competitiveness than emphasizing innovation. As the council looks to the private sector and global markets, I urge it to examine how the U.S. government can lead innovation and contribute to economic growth. The best place to look is new and emerging digital technologies that can make government more accessible, accountable, responsive and efficient for the people who use government services every day.

Continue to prioritize the Obama administration’s existing efforts to put unparalleled amounts of data online at Data.gov and other federal sites, making it easier and cheaper for citizens and businesses to access the information they need.

Use social media networks to deliver information to the public and to solicit feedback to improve government performance.

Integrate ideas and operations with state and local organizations, where much of government innovation is taking place today.

Apply the methods of private-sector business planning to the public sector to produce region-specific business plans that are low cost and high impact.

These improvements in government services innovations in the digital age can help spur innovation and support a robust business climate. And, as a sorely needed side benefit, they can also serve to eliminate some of the current distrust and even contempt for government that has brought public approval of the performance of the federal government to near historic lows.

Many web services are examples of cloud computing, from storage and backup sites such as Flickr and Dropbox to online business productivity services such as Google Docs and Salesforce.com. Cloud computing offers a potentially attractive solution to customers keen to acquire computing infrastructure without large up-front investment, particularly in cases where their demand may be variable and unpredictable, as a means of achieving financial savings, productivity improvements and the wider flexibility that accompanies Internet-hosting of data and applications.

The greater flexibility of a cloud computing service as compared with a traditional outsourcing contract may be offset by reduced certainty for the customer in terms of the location of data placed into the cloud and the legal foundations of any contract with the provider. There may be unforeseen costs and risks hidden in the terms and conditions of such services.

This document reports on a detailed survey and analysis of the terms and conditions offered by cloud computing providers.

The survey formed part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London, UK. Funded by a donation from Microsoft, but academically independent, the project is examining a wide range of legal and regulatory issues arising from cloud computing. The project's survey of 31 cloud computing contracts from 27 different providers, based on their standard terms of service as offered to customers in the E.U. and U.K., found that many include clauses that could have a significant impact, often negative, on the rights and interests of customers. The ease and convenience with which cloud computing arrangements can be set up may lull customers into overlooking the significant issues that can arise when key data and processes are entrusted to cloud service providers. The main lesson to be drawn from the Cloud Legal Project’s survey is that customers should review the terms and conditions of a cloud service carefully before signing up to it.

The survey found that some contracts, for instance, have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use (potentially important if they are used for occasional backup or disaster recovery purposes), for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all. Furthermore, whilst some providers promise only to hand over customer data if served with a court order, others state that they will do so on much wider grounds, including it simply being in their own business interests to disclose the data. Cloud providers also often exclude liability for loss of data, or strictly limit the damages that can be claimed against them – damages that might otherwise be substantial if a failure brought down an e-commerce web site.

Although in some U.S. states, in E.U. countries and in various other jurisdictions the validity of such terms may be challenged under consumer protection laws, users of cloud services may face practical obstacles to bringing a claim for data loss or privacy breach against a provider that seems local online but is, in fact, based in another continent. Indeed, service providers usually claim that their contracts are subject to the laws of the place where they have their main place of business. In many cases this is a US state, with a stipulation that any dispute must be heard in the provider’s local courts, regardless of the customer’s location.

Perhaps the most disconcerting discovery of the Cloud Legal Project’s survey was that many providers claimed to be able to amend their contracts unilaterally, simply by posting an updated version on the web. In effect, customers are put on notice to download lengthy and complex contracts, on a regular basis, and to compare them against their own copies of earlier versions to look for changes.

The cloud computing market is still developing rapidly, and potential cloud customers should be aware that there may be a mismatch between their expectations and the reality of cloud providers' service terms, and be alive to the possibility of unexpected changes to the terms.

Downloads

Authors

Simon Bradshaw

Christopher Millard

Ian Walden

Image Source: Natalie Racioppa

]]>

]]>
Tue, 01 Mar 2011 13:45:00 -0500Simon Bradshaw, Christopher Millard and Ian Walden
EXECUTIVE SUMMARY
Many web services are examples of cloud computing, from storage and backup sites such as Flickr and Dropbox to online business productivity services such as Google Docs and Salesforce.com. Cloud computing offers a potentially attractive solution to customers keen to acquire computing infrastructure without large up-front investment, particularly in cases where their demand may be variable and unpredictable, as a means of achieving financial savings, productivity improvements and the wider flexibility that accompanies Internet-hosting of data and applications.
The greater flexibility of a cloud computing service as compared with a traditional outsourcing contract may be offset by reduced certainty for the customer in terms of the location of data placed into the cloud and the legal foundations of any contract with the provider. There may be unforeseen costs and risks hidden in the terms and conditions of such services.
This document reports on a detailed survey and analysis of the terms and conditions offered by cloud computing providers.
The survey formed part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London, UK. Funded by a donation from Microsoft, but academically independent, the project is examining a wide range of legal and regulatory issues arising from cloud computing. The project's survey of 31 cloud computing contracts from 27 different providers, based on their standard terms of service as offered to customers in the E.U. and U.K., found that many include clauses that could have a significant impact, often negative, on the rights and interests of customers. The ease and convenience with which cloud computing arrangements can be set up may lull customers into overlooking the significant issues that can arise when key data and processes are entrusted to cloud service providers. The main lesson to be drawn from the Cloud Legal Project’s survey is that customers should review the terms and conditions of a cloud service carefully before signing up to it.
The survey found that some contracts, for instance, have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use (potentially important if they are used for occasional backup or disaster recovery purposes), for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all. Furthermore, whilst some providers promise only to hand over customer data if served with a court order, others state that they will do so on much wider grounds, including it simply being in their own business interests to disclose the data. Cloud providers also often exclude liability for loss of data, or strictly limit the damages that can be claimed against them – damages that might otherwise be substantial if a failure brought down an e-commerce web site.
Although in some U.S. states, in E.U. countries and in various other jurisdictions the validity of such terms may be challenged under consumer protection laws, users of cloud services may face practical obstacles to bringing a claim for data loss or privacy breach against a provider that seems local online but is, in fact, based in another continent. Indeed, service providers usually claim that their contracts are subject to the laws of the place where they have their main place of business. In many cases this is a US state, with a stipulation that any dispute must be heard in the provider’s local courts, regardless of the customer’s location.
Perhaps the most disconcerting discovery of the Cloud Legal Project’s survey was that many providers claimed to be able to amend their contracts unilaterally, simply by posting an updated version on the web. In effect, customers are put on notice to download lengthy and complex contracts, on a regular basis, and ... EXECUTIVE SUMMARY
Many web services are examples of cloud computing, from storage and backup sites such as Flickr and Dropbox to online business productivity services such as Google Docs and Salesforce.com. Cloud computing offers a potentially ...

EXECUTIVE SUMMARY

Many web services are examples of cloud computing, from storage and backup sites such as Flickr and Dropbox to online business productivity services such as Google Docs and Salesforce.com. Cloud computing offers a potentially attractive solution to customers keen to acquire computing infrastructure without large up-front investment, particularly in cases where their demand may be variable and unpredictable, as a means of achieving financial savings, productivity improvements and the wider flexibility that accompanies Internet-hosting of data and applications.

The greater flexibility of a cloud computing service as compared with a traditional outsourcing contract may be offset by reduced certainty for the customer in terms of the location of data placed into the cloud and the legal foundations of any contract with the provider. There may be unforeseen costs and risks hidden in the terms and conditions of such services.

This document reports on a detailed survey and analysis of the terms and conditions offered by cloud computing providers.

The survey formed part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London, UK. Funded by a donation from Microsoft, but academically independent, the project is examining a wide range of legal and regulatory issues arising from cloud computing. The project's survey of 31 cloud computing contracts from 27 different providers, based on their standard terms of service as offered to customers in the E.U. and U.K., found that many include clauses that could have a significant impact, often negative, on the rights and interests of customers. The ease and convenience with which cloud computing arrangements can be set up may lull customers into overlooking the significant issues that can arise when key data and processes are entrusted to cloud service providers. The main lesson to be drawn from the Cloud Legal Project’s survey is that customers should review the terms and conditions of a cloud service carefully before signing up to it.

The survey found that some contracts, for instance, have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use (potentially important if they are used for occasional backup or disaster recovery purposes), for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all. Furthermore, whilst some providers promise only to hand over customer data if served with a court order, others state that they will do so on much wider grounds, including it simply being in their own business interests to disclose the data. Cloud providers also often exclude liability for loss of data, or strictly limit the damages that can be claimed against them – damages that might otherwise be substantial if a failure brought down an e-commerce web site.

Although in some U.S. states, in E.U. countries and in various other jurisdictions the validity of such terms may be challenged under consumer protection laws, users of cloud services may face practical obstacles to bringing a claim for data loss or privacy breach against a provider that seems local online but is, in fact, based in another continent. Indeed, service providers usually claim that their contracts are subject to the laws of the place where they have their main place of business. In many cases this is a US state, with a stipulation that any dispute must be heard in the provider’s local courts, regardless of the customer’s location.

Perhaps the most disconcerting discovery of the Cloud Legal Project’s survey was that many providers claimed to be able to amend their contracts unilaterally, simply by posting an updated version on the web. In effect, customers are put on notice to download lengthy and complex contracts, on a regular basis, and to compare them against their own copies of earlier versions to look for changes.

The cloud computing market is still developing rapidly, and potential cloud customers should be aware that there may be a mismatch between their expectations and the reality of cloud providers' service terms, and be alive to the possibility of unexpected changes to the terms.

Cloud computing can mean different things to different people, and obviously the privacy and security concerns will differ between a consumer using a public cloud application, a medium-sized enterprise using a customized suite of business applications on a cloud platform, and a government agency with a private cloud for internal database sharing (Whitten, 2010). The shift of each category of user to cloud systems brings a different package of benefits and risks.

What remains constant, though, is the tangible and intangible value that the user seeks to protect. For an individual, the value at risk can range from loss of civil liberties to the contents of bank accounts. For a business, the value runs from core trade secrets to continuity of business operations and public reputation. Much of this is hard to estimate and translate into standard metrics of value (Lev, 2003) The task in this transition is to compare the opportunities of cloud adoption with the risks. The benefits of cloud have been discussed elsewhere, to the individual to the enterprise, and to the government (West, 2010a, 2010b).

This document explores how to think about privacy and security on the cloud. It is not intended to be a catalog of cloud threats (see ENISA (2009) for an example of rigorous exploration of the risks of cloud adoption to specific groups). We frame the set of concerns for the cloud and highlight what is new and what is not. We analyze a set of policy issues that represent systematic concerns deserving the attention of policy-makers. We argue that the weak link in security generally is the human factor and surrounding institutions and incentives matter more than the platform itself. As long as we learn the lessons of past breakdowns, cloud computing has the potential to generate innovation without sacrificing privacy and
security (Amoroso, 2006; Benioff, 2009).

Downloads

Authors

]]>
Tue, 26 Oct 2010 11:50:00 -0400Allan A. Friedman and Darrell M. West
Executive Summary
Cloud computing can mean different things to different people, and obviously the privacy and security concerns will differ between a consumer using a public cloud application, a medium-sized enterprise using a customized suite of business applications on a cloud platform, and a government agency with a private cloud for internal database sharing (Whitten, 2010). The shift of each category of user to cloud systems brings a different package of benefits and risks.
What remains constant, though, is the tangible and intangible value that the user seeks to protect. For an individual, the value at risk can range from loss of civil liberties to the contents of bank accounts. For a business, the value runs from core trade secrets to continuity of business operations and public reputation. Much of this is hard to estimate and translate into standard metrics of value (Lev, 2003) The task in this transition is to compare the opportunities of cloud adoption with the risks. The benefits of cloud have been discussed elsewhere, to the individual to the enterprise, and to the government (West, 2010a, 2010b).
This document explores how to think about privacy and security on the cloud. It is not intended to be a catalog of cloud threats (see ENISA (2009) for an example of rigorous exploration of the risks of cloud adoption to specific groups). We frame the set of concerns for the cloud and highlight what is new and what is not. We analyze a set of policy issues that represent systematic concerns deserving the attention of policy-makers. We argue that the weak link in security generally is the human factor and surrounding institutions and incentives matter more than the platform itself. As long as we learn the lessons of past breakdowns, cloud computing has the potential to generate innovation without sacrificing privacy and security (Amoroso, 2006; Benioff, 2009).
Downloads
- Download the Full Paper
Authors
- Allan A. Friedman- Darrell M. West
Image Source: JupiterimagesExecutive Summary
Cloud computing can mean different things to different people, and obviously the privacy and security concerns will differ between a consumer using a public cloud application, a medium-sized enterprise using a customized suite of ...

Executive Summary

Cloud computing can mean different things to different people, and obviously the privacy and security concerns will differ between a consumer using a public cloud application, a medium-sized enterprise using a customized suite of business applications on a cloud platform, and a government agency with a private cloud for internal database sharing (Whitten, 2010). The shift of each category of user to cloud systems brings a different package of benefits and risks.

What remains constant, though, is the tangible and intangible value that the user seeks to protect. For an individual, the value at risk can range from loss of civil liberties to the contents of bank accounts. For a business, the value runs from core trade secrets to continuity of business operations and public reputation. Much of this is hard to estimate and translate into standard metrics of value (Lev, 2003) The task in this transition is to compare the opportunities of cloud adoption with the risks. The benefits of cloud have been discussed elsewhere, to the individual to the enterprise, and to the government (West, 2010a, 2010b).

This document explores how to think about privacy and security on the cloud. It is not intended to be a catalog of cloud threats (see ENISA (2009) for an example of rigorous exploration of the risks of cloud adoption to specific groups). We frame the set of concerns for the cloud and highlight what is new and what is not. We analyze a set of policy issues that represent systematic concerns deserving the attention of policy-makers. We argue that the weak link in security generally is the human factor and surrounding institutions and incentives matter more than the platform itself. As long as we learn the lessons of past breakdowns, cloud computing has the potential to generate innovation without sacrificing privacy and
security (Amoroso, 2006; Benioff, 2009).

Downloads

Authors

]]>
http://www.brookings.edu/events/2010/10/26-cloud-computing?rssid=cloud+computing{62433FD5-544F-4534-B9E9-3F98084D97FC}http://webfeeds.brookings.edu/~/65489100/0/brookingsrss/topics/cloudcomputing~Privacy-and-Security-in-the-Cloud-Computing-AgePrivacy and Security in the Cloud Computing Age

Event Information

Although research suggests that considerable efficiencies can be gained from cloud computing technology, concerns over privacy and security continue to deter government and private-sector firms from migrating to the cloud. By its very nature, storing information or accessing services through remote providers would seem to raise the level of privacy and security risks. But is such apprehension warranted? What are the real security threats posed to individuals, business and government by cloud computing technologies? Do the cost-saving benefits outweigh the dangers?

On October 26, the Brookings Institution hosted a policy forum on the privacy and security challenges raised by cloud computing. Governance Studies Director Darrell West moderated a panel of technology industry experts examining how cloud computing systems can generate innovation and cost savings without sacrificing privacy and security. West will also present findings from his forthcoming paper “Privacy, Security, and Innovation in Cloud Computing.”

After the program, panelists took audience questions.

Transcript

Event Materials

]]>
Tue, 26 Oct 2010 10:00:00 -0400
Event Information
October 26, 2010
10:00 AM - 11:30 AM EDT
Falk Auditorium
The Brookings Institution
1775 Massachusetts Ave., NW
Washington, DC Register for the Event
Although research suggests that considerable efficiencies can be gained from cloud computing technology, concerns over privacy and security continue to deter government and private-sector firms from migrating to the cloud. By its very nature, storing information or accessing services through remote providers would seem to raise the level of privacy and security risks. But is such apprehension warranted? What are the real security threats posed to individuals, business and government by cloud computing technologies? Do the cost-saving benefits outweigh the dangers?
On October 26, the Brookings Institution hosted a policy forum on the privacy and security challenges raised by cloud computing. Governance Studies Director Darrell West moderated a panel of technology industry experts examining how cloud computing systems can generate innovation and cost savings without sacrificing privacy and security. West will also present findings from his forthcoming paper “Privacy, Security, and Innovation in Cloud Computing.”
After the program, panelists took audience questions.
Transcript
- Uncorrected Transcript (.pdf)
Event Materials
- 20101026_cloud_computing
Event Information
October 26, 2010
10:00 AM - 11:30 AM EDT
Falk Auditorium
The Brookings Institution
1775 Massachusetts Ave., NW
Washington, DC Register for the Event
Although research suggests that considerable efficiencies can be gained ...

Event Information

Although research suggests that considerable efficiencies can be gained from cloud computing technology, concerns over privacy and security continue to deter government and private-sector firms from migrating to the cloud. By its very nature, storing information or accessing services through remote providers would seem to raise the level of privacy and security risks. But is such apprehension warranted? What are the real security threats posed to individuals, business and government by cloud computing technologies? Do the cost-saving benefits outweigh the dangers?

On October 26, the Brookings Institution hosted a policy forum on the privacy and security challenges raised by cloud computing. Governance Studies Director Darrell West moderated a panel of technology industry experts examining how cloud computing systems can generate innovation and cost savings without sacrificing privacy and security. West will also present findings from his forthcoming paper “Privacy, Security, and Innovation in Cloud Computing.”

After the program, panelists took audience questions.

Transcript

Event Materials

]]>
http://www.brookings.edu/events/2010/07/21-cloud-computing?rssid=cloud+computing{4A28B684-DB25-4ACA-8AAC-42BA493C574C}http://webfeeds.brookings.edu/~/65489104/0/brookingsrss/topics/cloudcomputing~Moving-to-the-Cloud-How-the-Public-Sector-Can-Leverage-the-Power-of-Cloud-ComputingMoving to the Cloud: How the Public Sector Can Leverage the Power of Cloud Computing

Event Information

The U.S. government spends billions of dollars each year on computer hardware, software and file servers that may no longer be necessary. Currently, the public sector makes relatively little use of cloud computing, even though studies suggest substantial government savings from a migration to more Internet-based computing with shared resources.

On July 21, the Center for Technology Innovation at Brookings hosted a policy forum on steps to enhance public sector adoption of cloud computing innovations. Brookings Vice President Darrell West moderated a panel of experts, including David McClure of the General Services Administration, Dawn Leaf of the National Institute for Standards and Technology, and Katie Ratte of the Federal Trade Commission. West released a paper detailing the policy changes required to improve the efficiency and effectiveness of federal computing.

Event Materials

]]>
Wed, 21 Jul 2010 10:00:00 -0400http://e94516386dde43a790f1-3efc6a395eb32e640ae30c4edef7596c.r44.cf1.rackcdn.com/639637786001.mp3
Event Information
July 21, 2010
10:00 AM - 12:00 PM EDT
Falk Auditorium
The Brookings Institution
1775 Massachusetts Ave., NW
Washington, DC Register for the Event
The U.S. government spends billions of dollars each year on computer hardware, software and file servers that may no longer be necessary. Currently, the public sector makes relatively little use of cloud computing, even though studies suggest substantial government savings from a migration to more Internet-based computing with shared resources.
On July 21, the Center for Technology Innovation at Brookings hosted a policy forum on steps to enhance public sector adoption of cloud computing innovations. Brookings Vice President Darrell West moderated a panel of experts, including David McClure of the General Services Administration, Dawn Leaf of the National Institute for Standards and Technology, and Katie Ratte of the Federal Trade Commission. West released a paper detailing the policy changes required to improve the efficiency and effectiveness of federal computing.
Audio
- Moving to the Cloud: How the Public Sector Can Leverage the Power of Cloud Computing
Transcript
- Uncorrected Transcript (.pdf)- Download Dawn Leaf's PowerPoint Presentation (.pdf)- Download David McClure's PowerPoint Presentation (.pdf)
Event Materials
- 20100721_cloud_computing- 0721_cloud_computing_leaf- 0721_cloud_computing_mcclure
Event Information
July 21, 2010
10:00 AM - 12:00 PM EDT
Falk Auditorium
The Brookings Institution
1775 Massachusetts Ave., NW
Washington, DC Register for the Event
The U.S. government spends billions of dollars each year on computer ...

Event Information

The U.S. government spends billions of dollars each year on computer hardware, software and file servers that may no longer be necessary. Currently, the public sector makes relatively little use of cloud computing, even though studies suggest substantial government savings from a migration to more Internet-based computing with shared resources.

On July 21, the Center for Technology Innovation at Brookings hosted a policy forum on steps to enhance public sector adoption of cloud computing innovations. Brookings Vice President Darrell West moderated a panel of experts, including David McClure of the General Services Administration, Dawn Leaf of the National Institute for Standards and Technology, and Katie Ratte of the Federal Trade Commission. West released a paper detailing the policy changes required to improve the efficiency and effectiveness of federal computing.

Event Materials

]]>
http://www.brookings.edu/research/papers/2010/07/21-cloud-computing-west?rssid=cloud+computing{1CBEE025-43B4-43F6-8F8D-56BBBE5553C8}http://webfeeds.brookings.edu/~/65489101/0/brookingsrss/topics/cloudcomputing~Steps-to-Improve-Cloud-Computing-in-the-Public-SectorSteps to Improve Cloud Computing in the Public Sector

Executive Summary

Government information technology is subject to a variety of rules, regulations, and procurement policies. Computing is treated differently depending on whether the platform is based on desktops, laptops, mobile devices, or remote file servers known as cloud computing. There are differences between the executive, legislative, and judicial branches of government, as well as in the level of privacy and security expected for various applications.

Some people perceive higher security on desktop or laptop computers and lower security with the cloud because the latter’s information is stored remotely through third-party commercial providers. In reality, though, there are serious security threats to all electronic information regardless of platform, and cloud server providers often take security more seriously than mass consumers or government officials employing weak passwords on their local computers.

In this paper, I review current federal IT policy and discuss rules, practices, and procedures that limit innovation. There are a variety of obstacles that make it difficult for policymakers to take full advantage of the technological revolution that has unfolded in recent years. After outlining these issues, I make recommendations on policy changes required to improve the efficiency and effectiveness of federal computing.

My specific recommendations include:

Public officials should develop more consistent rules on computing across desktop, laptop, mobile, and cloud platforms.

The use of video, collaboration, and social networking should be authorized for congressional offices. This would make legislative branch policy consistent with that of the executive branch.

Judicial branch computing should be modernized, with greater emphasis on cloud computing.

There should be a more uniform certification process for federal agencies. Right now, each agency is responsible for certifying its own applications. It makes sense to have a “joint authorization board” with the power to review management services and certify particular products for use across the government.

Congress should update the Electronic Communications Privacy Act to change the process by which law enforcement agents obtain electronic information. Instead of using a prosecutor’s subpoena, legislation should require a “probable cause” search warrant that is approved by a judge. This would provide greater safeguards in terms of online content, pictures, geolocation data, and e-mails.

Privacy rights should be placed on the same footing regardless of whether a person is using desktop or cloud computing. It makes little sense to have weaker standards on one platform than another. Consumers and government decision-makers expect the same level of protection whether they are accessing information on a desktop, laptop, mobile, or cloud storage system.

Congress should amend the Computer Fraud and Abuse Act to strengthen penalties for unwanted intrusion into computing systems. The law has inconsistent penalties and prosecutors have found that it is hard to prosecute cyber-crimes.

Apps.gov represents a big step forward and government use should be expanded because it makes procurement easier and speeds public sector innovation. It is a model of how the government can reinvent itself through digital technology in ways that improve efficiency and effectiveness.

Countries need to harmonize their laws on cloud computing so as to reduce current inconsistencies in regard to privacy, data storage, security processes, and personnel training,

There should be mechanisms for data exchange that encourage portability across platforms. We should avoid vendor lock-in that precludes data exchange.

Data on uptime, downtime, recover time, archiving, and maintenance schedules would help build public trust by providing information on computing performance.

Downloads

Authors

]]>
Wed, 21 Jul 2010 09:58:00 -0400Darrell M. West
Executive Summary
Government information technology is subject to a variety of rules, regulations, and procurement policies. Computing is treated differently depending on whether the platform is based on desktops, laptops, mobile devices, or remote file servers known as cloud computing. There are differences between the executive, legislative, and judicial branches of government, as well as in the level of privacy and security expected for various applications.
Some people perceive higher security on desktop or laptop computers and lower security with the cloud because the latter’s information is stored remotely through third-party commercial providers. In reality, though, there are serious security threats to all electronic information regardless of platform, and cloud server providers often take security more seriously than mass consumers or government officials employing weak passwords on their local computers.
In this paper, I review current federal IT policy and discuss rules, practices, and procedures that limit innovation. There are a variety of obstacles that make it difficult for policymakers to take full advantage of the technological revolution that has unfolded in recent years. After outlining these issues, I make recommendations on policy changes required to improve the efficiency and effectiveness of federal computing.
My specific recommendations include:
- Public officials should develop more consistent rules on computing across desktop, laptop, mobile, and cloud platforms. - The use of video, collaboration, and social networking should be authorized for congressional offices. This would make legislative branch policy consistent with that of the executive branch. - Judicial branch computing should be modernized, with greater emphasis on cloud computing. - There should be a more uniform certification process for federal agencies. Right now, each agency is responsible for certifying its own applications. It makes sense to have a “joint authorization board” with the power to review management services and certify particular products for use across the government. - Congress should update the Electronic Communications Privacy Act to change the process by which law enforcement agents obtain electronic information. Instead of using a prosecutor’s subpoena, legislation should require a “probable cause” search warrant that is approved by a judge. This would provide greater safeguards in terms of online content, pictures, geolocation data, and e-mails. - Privacy rights should be placed on the same footing regardless of whether a person is using desktop or cloud computing. It makes little sense to have weaker standards on one platform than another. Consumers and government decision-makers expect the same level of protection whether they are accessing information on a desktop, laptop, mobile, or cloud storage system. - Congress should amend the Computer Fraud and Abuse Act to strengthen penalties for unwanted intrusion into computing systems. The law has inconsistent penalties and prosecutors have found that it is hard to prosecute cyber-crimes. - Apps.gov represents a big step forward and government use should be expanded because it makes procurement easier and speeds public sector innovation. It is a model of how the government can reinvent itself through digital technology in ways that improve efficiency and effectiveness. - Countries need to harmonize their laws on cloud computing so as to reduce current inconsistencies in regard to privacy, data storage, security processes, and personnel training, - There should be mechanisms for data exchange that encourage portability across platforms. We should avoid vendor lock-in that precludes data exchange. - Data on uptime, downtime, recover time, archiving, and ... Executive Summary
Government information technology is subject to a variety of rules, regulations, and procurement policies. Computing is treated differently depending on whether the platform is based on desktops, laptops, mobile devices, or ...

Executive Summary

Government information technology is subject to a variety of rules, regulations, and procurement policies. Computing is treated differently depending on whether the platform is based on desktops, laptops, mobile devices, or remote file servers known as cloud computing. There are differences between the executive, legislative, and judicial branches of government, as well as in the level of privacy and security expected for various applications.

Some people perceive higher security on desktop or laptop computers and lower security with the cloud because the latter’s information is stored remotely through third-party commercial providers. In reality, though, there are serious security threats to all electronic information regardless of platform, and cloud server providers often take security more seriously than mass consumers or government officials employing weak passwords on their local computers.

In this paper, I review current federal IT policy and discuss rules, practices, and procedures that limit innovation. There are a variety of obstacles that make it difficult for policymakers to take full advantage of the technological revolution that has unfolded in recent years. After outlining these issues, I make recommendations on policy changes required to improve the efficiency and effectiveness of federal computing.

My specific recommendations include:

Public officials should develop more consistent rules on computing across desktop, laptop, mobile, and cloud platforms.

The use of video, collaboration, and social networking should be authorized for congressional offices. This would make legislative branch policy consistent with that of the executive branch.

Judicial branch computing should be modernized, with greater emphasis on cloud computing.

There should be a more uniform certification process for federal agencies. Right now, each agency is responsible for certifying its own applications. It makes sense to have a “joint authorization board” with the power to review management services and certify particular products for use across the government.

Congress should update the Electronic Communications Privacy Act to change the process by which law enforcement agents obtain electronic information. Instead of using a prosecutor’s subpoena, legislation should require a “probable cause” search warrant that is approved by a judge. This would provide greater safeguards in terms of online content, pictures, geolocation data, and e-mails.

Privacy rights should be placed on the same footing regardless of whether a person is using desktop or cloud computing. It makes little sense to have weaker standards on one platform than another. Consumers and government decision-makers expect the same level of protection whether they are accessing information on a desktop, laptop, mobile, or cloud storage system.

Congress should amend the Computer Fraud and Abuse Act to strengthen penalties for unwanted intrusion into computing systems. The law has inconsistent penalties and prosecutors have found that it is hard to prosecute cyber-crimes.

Apps.gov represents a big step forward and government use should be expanded because it makes procurement easier and speeds public sector innovation. It is a model of how the government can reinvent itself through digital technology in ways that improve efficiency and effectiveness.

Countries need to harmonize their laws on cloud computing so as to reduce current inconsistencies in regard to privacy, data storage, security processes, and personnel training,

There should be mechanisms for data exchange that encourage portability across platforms. We should avoid vendor lock-in that precludes data exchange.

Data on uptime, downtime, recover time, archiving, and maintenance schedules would help build public trust by providing information on computing performance.

Technology offers the greatest source for innovation in the public sector and one of the best examples falls within the area of cloud computing. As I noted in a recent paper, the U.S. federal government spends nearly $76 billion each year on information technology, and $20 billion of that is devoted to hardware, software, and file servers. Traditionally, computing services have been delivered through desktops or laptops operated by proprietary software. But new advances in cloud computing have made it possible for public sector agencies alike to access software, services, and data storage through remote file servers.

I looked at possible cost savings a federal agency might expect from migrating to the cloud. After undertaking case studies of government agencies that made the move, I found that the agencies generally saw between 25 and 50 percent savings in moving to the cloud. Public officials can save money by reducing the number of file servers they need to purchase, cutting software costs, relying on fewer information technology specialists, and improving the efficiency of their data storage utilization.

In 2008, Washington, D.C. city government shifted many of its 38,000 employee email services across 86 agencies to the cloud, and the migration saved 48 percent on email expenditures.
In 2009, the city of Los Angeles moved email service for its 30,000 employees to the cloud. An analysis undertaken by City Administrative Officer Miguel Santana for the City Council found that the five-year costs of running the new Google system would be $17,556,484, which was 23.6 percent less than the $22,996,242 for operating GroupWise during that same period. And in terms of personnel savings, the city needed nine fewer people in its information technology department.

The U.S. Air Force 45th Space Wing is responsible for launching and tracking unmanned space vehicles from Cape Canaveral Air Force Station and employs more than 10,000 workers. The Wing had 60 distinct file servers, but found that it utilized only 10 percent of central processing unit capacity. Commanders modernized their system and saved $180,000 per year in annual computing costs. In addition, the unit saved money by not buying new hardware or deploying new software. These are just some of the ways the government is using technology to save money and increase efficiency of its operations.

Technology offers the greatest source for innovation in the public sector and one of the best examples falls within the area of cloud computing. As I noted in a recent paper, the U.S. federal government spends nearly $76 billion each year on information technology, and $20 billion of that is devoted to hardware, software, and file servers. Traditionally, computing services have been delivered through desktops or laptops operated by proprietary software. But new advances in cloud computing have made it possible for public sector agencies alike to access software, services, and data storage through remote file servers.

I looked at possible cost savings a federal agency might expect from migrating to the cloud. After undertaking case studies of government agencies that made the move, I found that the agencies generally saw between 25 and 50 percent savings in moving to the cloud. Public officials can save money by reducing the number of file servers they need to purchase, cutting software costs, relying on fewer information technology specialists, and improving the efficiency of their data storage utilization.

In 2008, Washington, D.C. city government shifted many of its 38,000 employee email services across 86 agencies to the cloud, and the migration saved 48 percent on email expenditures.
In 2009, the city of Los Angeles moved email service for its 30,000 employees to the cloud. An analysis undertaken by City Administrative Officer Miguel Santana for the City Council found that the five-year costs of running the new Google system would be $17,556,484, which was 23.6 percent less than the $22,996,242 for operating GroupWise during that same period. And in terms of personnel savings, the city needed nine fewer people in its information technology department.

The U.S. Air Force 45th Space Wing is responsible for launching and tracking unmanned space vehicles from Cape Canaveral Air Force Station and employs more than 10,000 workers. The Wing had 60 distinct file servers, but found that it utilized only 10 percent of central processing unit capacity. Commanders modernized their system and saved $180,000 per year in annual computing costs. In addition, the unit saved money by not buying new hardware or deploying new software. These are just some of the ways the government is using technology to save money and increase efficiency of its operations.

Event Information

Cloud computing services over the Internet have the potential to spur a significant increase in government efficiency and decrease technology costs, as well as to create incentives and online platforms for innovation. Adoption of cloud computing technologies could lead to new, efficient ways of governing.

On April 7, the Brookings Institution hosted a policy forum that examines the economic benefits of cloud computing for local, state, and federal government. Federal Chief Information Officer Vivek Kundra delivered a keynote address on the role of the government in developing and promoting cloud computing. Brookings Vice President Darrell West moderated a panel of experts and detailed the findings in his paper, "Saving Money through Cloud Computing," which analyzes its governmental cost-savings potential.

Event Information

Cloud computing services over the Internet have the potential to spur a significant increase in government efficiency and decrease technology costs, as well as to create incentives and online platforms for innovation. Adoption of cloud computing technologies could lead to new, efficient ways of governing.

On April 7, the Brookings Institution hosted a policy forum that examines the economic benefits of cloud computing for local, state, and federal government. Federal Chief Information Officer Vivek Kundra delivered a keynote address on the role of the government in developing and promoting cloud computing. Brookings Vice President Darrell West moderated a panel of experts and detailed the findings in his paper, "Saving Money through Cloud Computing," which analyzes its governmental cost-savings potential.